Gartner integrates Burton; blogs index updated

Over the last few months, Gartner have finally and fully integrated the Burton Group services and analysts acquired in January 2010.

The IT1 service is now referred to as Gartner IT1, although the Burton name is still attached to Gartner’s lead web page for the service. But the separate Burton Group website, which was maintained independently for a while, has now joined the AMR site in being consigned to oblivion.

Gartner’s online page outlines how they differentiate IT1 from the mainstream Gartner technical service. They pitch IT1 as adding the technical depth to the mainstream (“detailed technical insight to help your technical architects and engineers deliver outstanding results”). This was indeed the rationale for acquiring Burton: the need to provide service-oriented IT professionals with deep technical support for their architectural and implementation decisions, and an admission that Gartner, as they were, did not have the full resources needed to deliver this insight – though I’m not sure they would have admitted it before the acquisition!

At the same time, the Burton legacy blogs have also joined AMR in the Delete basket. This means InformationSpan has been able to simplify our Blogs Index for Gartner by removing references to Burton information. It’s been updated, with a few new names and other changes.

We’ve also introduced new indicators to identify blogs which are active and those which are, in various stages, dormant. Currently, of 123 Gartner analyst blogs which are accessible online, only 53 have content published within the last three months. For a further 18, the most recent post is between 3 and 6 months old; for 10, between 6 and 9; for 9, between 9 and 12; and 33 are at least a year out of date and sometimes significantly more. Also of these 123 blogs, 24 are still on the system but don’t appear in Gartner’s own list of analysts who are blogging. Some of these relate to analysts who have left Gartner: but not all; correspondingly, not all blogs are removed when an analysts leaves. It’s a touch confusing, but our index shows clearly what’s what and who’s who.

On the positive side: all the titled blogs, including Mastering the Hype Cycle (which had been dormant) have recent content. The Symposium blog is particularly worth visiting at the moment, while the Autumn cycle of Symposium events continues.

• InformationSpan Analyst Blogs Index, updated 11 Nov 2011
• Burton IT1: service page from Gartner

Links for PCI DSS

I’m facilitating a workshop next week on PCI DSS and as usual here are some of the links I’ve identified, including some recent enforcement casework.

For the uninitiated: PCI is the Payment Card Industry and DSS is its Data Security Standard. PCI is an international body, and the standards are effectively set by the “acquirers” – that’s PCI-speak for those bodies such as card issuers and banks who “acquire” the transactions and transfer money.

National information security requirements are very much to the fore too. In the UK the Information Commissioner’s Office (ICO) recently took enforcement action against Lush, the cosmetics firm, and their press release uses that case to emphasise that organisations must implement PCI DSS, or some equivalent standard, in order to be meet the basic requirements for compliance. This issue was resolved by an undertaking from Lush, but ICO information outlines all the enforcement options and potential penalties.

Compliance to standards doesn’t replace the need to understand potential vulnerabilities, not least when using embedded page elements that can be hijacked!

PCI – Payment Card Industry
PCI DSS – PCI Data Security Standards
CSRF: Cross-Site Request Forgery
IDS : intrusion detection system
IPS: Intrusion Prevention System
ISA: Internal Security Assessor
QSA: Qualified Security Assessor
ISO: Independent Sales Organisation (in this context!)

• PCI SSC Data Security Standards Overview, from PCI Security Standards Council
• ICO warns retailers to implement PCI-DSS or face “enforcement action”, Security Vibes, 12 Aug 2011
• Online security must be a priority for retailers, says ICO, ICO Press Release, 9 Aug 2011
• Taking action: data protection and privacy and electronic communications, ICO information (including a list of recent prosecutions)
• PCI DSS: An Acquirers guide for PCI Compliance Best Practices, from the PCI Compliance Guide (an independent PCI source)
Cross-Site Request Forgery (CSRF), information from the Open Web Application Security Project (OWASP)

Green IT Expo: presentations published

Keynote presentations from the Green IT Expo (see previous postings) have now been posted. Simon Mingay’s presentation from Gartner is not available (now there’s a surprise) and be warned that the link behind the rubric “Presentation Unavailable” goes to the following presentation from Verdantix.

• Green IT Expo presentations
• A Gartner perspective on Green IT, ITasITis, 1 Nov 2011
• Green IT; encountering Connection Research, ITasITis, 1 Nov 2011
Green 3: Andy Lawrence of 451, ITasITis, 1 Nov 2011

McKinsey ask: How strategic is our technology agenda?

McKinsey Quarterly poses this question in the latest issue with some case study information. The fundamental issue is an old one: the IT budget being spent on maintenance, with smart investment being what gets squeezed out. But the illustrations suggest ways to move forward. It’s not the old “Align IT with the business” mantra, which still starts from the assumption that IT somehow is outside and separate from “the business” and that the disconnect is IT’s problem.

This article admittedly starts by profiling a dysfunctional CIO who doesn’t understand the issue. But it looks at the issue from the whole business perspective – that is, the CEO’s. It shows how investment can be viewed, even when it’s core infrastructure that’s at issue; it talks about benchmarking capabilities against non-competitive industries, not just competitors; and highlights some of the perceived wisdom which can, sometimes, be plain wrong and a distraction from the real challenges.

How strategic is our technology agenda? McKinsey Quarterly, Oct 2011

Green 3: Andy Lawrence of 451

Continuing my assessment of analysts I haven’t heard before: here at the Green IT Expo is Andy Lawrence of 451 Group, talking “Green Datacentres to Green Clouds”. Andy looks after data centre disruptive technologies, and eco-efficient IT, for 451. It’s the first time, again, that I’ve heard 451 directly.

He promises an overview including a European Union Framework project called Optimis. I’ve been involved in EU research in the past, didn’t know about this one: that’ll be interesting.

Here’s a sort-of hierarchy of energy efficiency for the data centre. At the base, five years’ work on reducing the power use of datacentre infrastructure: PUE, best practices, EU Code of Conduct. One tier up: work on lower power chips, efficient drives, virtualisation, power management etc. Above that again, the ability to look holistically at an application or service: for example, what’s the eco-impact of choosing 1 second response rather than 1.5 seconds?

So: Cloud. Cloud should be more eco-efficient and it’s often asserted to be so. But is it? 451 believes the assumptions are largely unproven. [Private] cloud and virtualisation, as a matter of observation, seems – so Lawrence says – to show under-utilisation so some of the eco gains are not realised..

We’re about to see another measurement framework. Here, there are four axes: economic, compliance, CSR (corporate social responsibility), operational effectiveness. Again, take a holistic look: e.g. what’s the energy cost of insisting backups are permanently online rather than powered-down (on tape, for example).

How do you measure resource efficiency? There are some proxy metrics; there are  direct measures (i.e. actual measurements, not estimates: how much carbon now); and metrics (e.g. PUE). They are “good; but be careful: unreliable for business decisions”. We’re promised a tour of some cross-industry initiatives, and also a few highlights from individual companies.

The EU’s Optimis project provides a list for assessment: trust, risk, eco-efficiency, cost (TREC). The aim is to create an architectural framework that looks at all of these, and a development toolkit. Lawrence asserts the need for multiple metrics: “a lone metric never works”. The hard stuff is the effort to associate carbon with a cloud service, especially where the actual data are locked up in the provider’s data centre and they may well have no interest in providing the detailed data to feed into the models. It is, at the least, a hard problem.

Lawrence outlines an alternative proxy approach. It still relies on cloud providers doing the sums; but they may well already be gathering the data, and may well be more willing to deliver a category-based per-hour or per-VM footprint  (kWh and carbon per VM hour, perhaps). Its accuracy needs to be similar to that of billing, neither much more nor much less.

This presentation has given me an incentive to revisit what I know of 451 Group: perhaps the most encouraging aspect was Andy Lawrence’s willingness to identify, and review, academic/industrial research projects which are easily overlooked by an insight market which tends to look only at vendors’ own development pipelines. It admits that development of real, workable methodologies is some time away: Optimis, like all EU Framework projects, is pre-competitive research. But while the project itself may not deliver the ultimate solution, the ideas it generates will certainly inform future metrics and tools.

• The 451 Group and The Uptime Institute
• Optimis EU project: Optimized Infrastructure Services
• EU GAMES: Green Active Management of Energy in IT Service centres (similar, for high performance computing)
• (These projects are within the EU’s 7th Framework Project; the CORDIS database holds information on these and all projects)

Related posts:
A Gartner perspective on Green IT
Green IT; encountering Connection Research

Green IT; encountering Connection Research

Connection Research is an Australian insight service focussing on sustainability issues. I know of them – they’re in the InformationSpan database – but this encounter at the Green IT event is the first chance I’ve had to hear from a key person; in this case, William Ehmcke the CEO. It’s another META Group spin-off company; William, it appears, led META in Asia-Pacific until it was acquired by Gartner in 2004.

This is an as-it-goes blog, plus a bit of later tidying up.

Connection reckons to work from real data, determining metrics and developing benchmarks. Their areas are: communities; green IT; the built environment; and carbon/compliance (Australia is about to introduce carbon pricing, around A$23/ton).

Connection also recognises “green fatigue” and “greenwash”; but broader issues are gaining prominence for PR; from regulation; or for financial reasons (direct, or indirect because of brand and reputation issues). There’s a perfect storm of issues, because the rise of “big data” is increasing demand; transparency is being demanded; energy security is a rising issue (in Australia as in the USA, though not so much in the UK); and simple cost.

Connection has helped to develop an ICT Sustainability framework and index, with academic partners, across: equipment lifecycle; end user computing; enterprise & data centre; and IT as a low-C enabler. Essentially, in this, is the same distinction as in Simon Mingay’s presentation: doing IT green, and enabling green business by IT. He recognises Bring Your Own plus mobility as a sustainability strategy – it creates fundamental savings and helps reduce the need for permanent facilities on the current scale..

The Fujitsu Global ICT Sustainability report, published Sept 2011, surveyed 80 different areas. It appears that results on the IT Sustainability Index (ITSx; see Connection’s website for more information) have generally regressed recently, and this isn’t a drag effect from emerging economies in China and India. Within the detail, it’s interesting that Government is ahead of the across-sector average index. Surprisingly, brand reputation is driving some “dirty” industry (e.g. mining) up the stack. Nationally, Canada is the leader and the UK second; regulation has been driving this market; and few markets excel in all the sectors.

Ehmcke highlights the major slip in the ITSx for Professional Services; odd, because these industries have only buildings, people and intellectual property. They ought to be easily able to excel; but they don’t, and have slipped relative to 2010 as has, more understandably, manufacturing.

In response to a question: an interesting national measure is GDP value per unit of carbon emission, where Japan leads the way (though not included in the Connection stats; the survey wasn’t done because of the tsunami). Ask how much carbon your enterprise uses per $million of revenue … the use and development of effective metrics is falling back and, without data, action is impossible. Over half the CIOs surveyed have no idea about their IT power consumption, for example.

In response to another question: a point was made that sustainability, in many corporations, is handed to Risk Management (even where there’s a Sustainability Officer), because it’s seen as being about compliance and a holistic view isn’t taken.

A couple more questions, and then a quick outline of the Foundation for IT Sustainability, and the new Green IT Fundamentals course based on licensed training material from Connection, linked to CompTIA, and supported by the Global e.Sustainability Initiative. A useful presentation; the emergence of training, metrics, and certifications is important and the topic was expanded in a presentation from the BCS which I haven’t blogged.

• Connection Research
• ICT Sustainability: Global Benchmark Report Reveals a Lack of Visibility of the ICT Energy Bill Has Delayed Success, Fujitsu Press Release, 21 Sept 2011: headline summary, with link to obtain a copy of the full report
• Foundation for IT Sustainability (FFITS)
• Global e.Sustainability Initiative (GESI)

Related posts:
A Gartner perspective on Green IT
• Green 3: Andy Lawrence of 451

A Gartner perspective on Green IT

I’m at Central Hall, Westminster – home territory for a Methodist! I’m here for an event and expo on Green IT; waiting for the keynote from Simon Mingay of Gartner. There’s connectivity, so this blog will get periodically updated. Links, as always, will get added later; probably tomorrow.

“What happened to the Green in Green IT”? Both aspects: “Greening of IT” and “Greening with IT”. Mingay’s perspective: Green isn’t the primary agenda; it’s always been about cost, and about saving resources (particularly energy); but the aims coincide. ICT brings together the business information to achieve the targets.

1 – IT organisations have to engage, don’t wait for “the business” to come to you.
2 – IT must innovate, as part of the enterprise’s wider innovation agenda
3 – investment in IT systems must connect to the business’s value generating aspects, not just the “corporate and social responsibility” (CSR) agenda; although CSR is good for profit, this issue goes further.

Some organisations are slipping backwards, believing they’ve ticked the box – this ties up with a later data-driven observation from William Ehmcke of Connection Research. Energy management is a new core competency; demand and prices are both increasing and the resulting pressure on costs is unsustainable. Mingay quotes Andrew Witty, CEO of GlaxoSmithKline: “if we don’t do something about it, we’ll be out of the game”. Tactical improvement is not enough!

Mingay highlights various aspects of the enterprise world: corporate initiatives (e.g. Unilever Sustainable Living); vendor acquisitions and partnerships; enhanced regulations (mentioned Scope 3 and see ISO 50000; see Links, below). The focus is moving beyond compliance to a “resource perspective on the organisation”, designed in, continuous (not a once-a-year report), and including the whole supply chain: which isn’t easy!

Gartner offer a Strategic Planning Assumption – one of the tenets which shape their research: “By 2015, sustainability will be an economy-wide, top-five priority for major Western European and North American CEOs.” Though as a colleague at the event commented, this doesn’t identify which current top-five issue will give way to it!

Gartner offer three frameworks to assess:

  • sustainability maturity: the more mature the performance, the higher the demand for information enablement
  • sustainability value, in five domains varying from Enabling to Contributing (e.g. new business models, new products/services), linked to the run/grow/transform model, with separate scales for private and public sectors;
  • solution domans for sustainable business systems: from compliance (low strategic priority) to growth, and from hindsight to foresight, segmented into (a) compliance, risk and governance; (b) enterprise efficiency; and (c) brand/reputation.

Building management is an obvious area where ICT can correlate and analyse the data from environmental monitoring and control, and deliver cost and eco benefit. Mingay isn’t the first to highlighted the opportunities for FM and ICT to work together; we know about this one from a Leading Edge Forum Study Tour in, I think, 2007.

And guess what, there’s a Sustainability Hype Cycle … the key point is the very large number of technologies mapped on it. Energy-efficient IT is mainstream (“mostly”), he says. But sustainable IT is still stuck in a niche, considering aspects such as toxics and e-waste and pigeon-holed with these issues. Supply chain issues, and systemic energy efficiency (middleware, network, application) are at present still stuck in “academia”, he says – what this means is that the fundamental research on how to identify, measure and model these issues is still being done.

Three stages: optimisation (current); innovation (starting – lots of “adopted innovation” which isn’t really new, and not yet seeing attitude changes especially towards compromise on performance and availability); paradigm change (rare, as yet, but the shift to Cloud has the potential to be one). Examples: data centre infrastructure management (DCIM), treating the whole data centre as a system, with PUE modelling, active power management and so on. Gartner are bringing this topic into their Data Centre and Infrastructure/Operations events. He offered some perspectives on emerging DC design trends, in a modular “build small, build often” approach. There is a list of “ten things to think of next” – starting with measurement! The two key optimisation parameters are space, and compute power per kWh, and sustainability governance is essential for progress (with IT fully engaged).

If you think you’re done on Green IT, you haven’t understood the issues!

• Sustainable Living Plan, from Unilever, aims to” develop new ways of doing business which will increase the social benefits from Unilever’s activities while at the same time reducing our environmental impacts”
• There’s information on the ISO 50000 family of standards on the ISO Helpline (and in many other places!)
• Greenhouse Gas Protocol Corporate Value Chain Accounting and Reporting Standard, also known as Scope 3, from the World Resources Institute
• Hype Cycle for Sustainability and Green IT, 2011, Gartner, 28 Jul 2011 (available to subscribers only; if this link doesn’t work, search for document G00214739)

Related posts:
• Green IT; encountering Connection Research
• Green 3: Andy Lawrence of 451